From 9ba229820af4e44d8d85eac0d45a7ffa30ed3db1 Mon Sep 17 00:00:00 2001
From: Rebecca Law
Date: Wed, 9 Dec 2015 11:36:57 +0000
Subject: [PATCH] 109638656: Implementation of two factor verification

Validation of the code is done in the form, when the form.validate_on_submit is called the validate code methods are called as well.
---
 app/main/forms.py | 28 +++++-------
 app/main/views/two_factor.py | 1 -
 requirements_for_test.txt | 2 +-
 tests/app/main/views/test_two_factor.py | 16 ++++---
 tests/app/main/views/test_verify.py | 61 ++++++++++---------------
 5 files changed, 46 insertions(+), 62 deletions(-)

diff --git a/app/main/forms.py b/app/main/forms.py
index ec8e4a254..ae90443c9 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -46,12 +46,7 @@ class TwoFactorForm(Form):
 Regexp(regex=verify_code, message='Code must be 5 digits')])
 def validate_sms_code(self, a):
- if self.sms_code.data is not None:
- if checkpw(str(self.sms_code.data), session['sms_code']) is False:
- self.sms_code.errors.append('Code does not match')
- return False
- else:
- return True
+ validate_code(self.sms_code, session['sms_code'])
 class VerifyForm(Form):
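Review bot: The True/False that `validate_code` computes is thrown away on the new `validate_sms_code(self, a)` line — a WTForms inline `validate_<field>` hook reports failure through `ValidationError` or what it leaves in `field.errors`, never through its return value — so the nested `if/else` in the helper is dead weight, and the same holds for both call sites in the `VerifyForm` hunk below. `session['sms_code']` also raises `KeyError` (a 500) whenever no hashed code is stored for this session, for example if the two-factor page is reached before a code was issued; whether the session always holds the hash at this point is not visible in the diff. Passing `session.get('sms_code')` and treating a missing value as a mismatch, `if code is None or checkpw(str(field.data), code) is False:`, keeps that case closed and inside the form's normal error path. Separately, a five-digit code (per the `Regexp` message) is only as strong as the attempt limit around it, and nothing in this diff limits attempts, so it is worth confirming that the view or surrounding middleware does.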
@@ -63,17 +58,18 @@ class VerifyForm(Form):
 Regexp(regex=verify_code, message='Code must be 5 digits')])
 def validate_email_code(self, a):
- if self.email_code.data is not None:
- if checkpw(str(self.email_code.data), session['email_code']) is False:
- self.email_code.errors.append('Code does not match')
- return False
- else:
- return True
+ validate_code(self.email_code, session['email_code'])
 def validate_sms_code(self, a):
- if self.sms_code.data is not None:
- if checkpw(str(self.sms_code.data), session['sms_code']) is False:
- self.sms_code.errors.append('Code does not match')
- return False
+ validate_code(self.sms_code, session['sms_code'])
+
+
+def validate_code(field, code):
+ if field.data is not None:
+ if checkpw(str(field.data), code) is False:
+ field.errors.append('Code does not match')
+ return False
 else:
 return True
+ else:
+ return True
diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py
index cbcedbfb1..093bd6a51 100644
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -16,7 +16,6 @@ def process_two_factor():
 form = TwoFactorForm()
 if form.validate_on_submit():
- user = users_dao.get_user_by_id(session['user_id'])
 login_user(user)
 return redirect('/dashboard')
diff --git a/requirements_for_test.txt b/requirements_for_test.txt
index ebea6362b..f7931ea45 100644
--- a/requirements_for_test.txt
+++ b/requirements_for_test.txt
@@ -1,4 +1,4 @@
 -r requirements.txt
 pep8==1.5.7
 pytest==2.8.1
-pytest-mock==0.8.1
+pytest-mock==0.8.1
\ No newline at end of file
diff --git a/tests/app/main/views/test_two_factor.py b/tests/app/main/views/test_two_factor.py
index 37a4abb95..56f85c151 100644
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -1,3 +1,5 @@
+from flask import json
+
 from app.main.encryption import hashpw
 from tests.app.main.views import create_test_user
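Review bot: With `user = users_dao.get_user_by_id(session['user_id'])` deleted, the surviving `login_user(user)` in `process_two_factor` references a name this hunk no longer binds; unless `user` is assigned earlier in the function (its start is outside the hunk), a correct code now ends in `NameError` on the success path, after the check has already passed. The diff for this file is a pure deletion, so if the lookup was meant to move above the form check, that move is not shown here. Keeping the lookup adjacent to its use, `user = users_dao.get_user_by_id(session['user_id'])` right before `login_user(user)`, avoids the ambiguity, and a success-path test in test_two_factor.py (none is visible in this diff) would catch the regression.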
@@ -30,8 +32,7 @@ def test_should_return_400_with_sms_code_error_when_sms_code_is_wrong(notificati
 response = client.post('/two-factor', data={'sms_code': '23456'})
 assert response.status_code == 400
- assert 'sms_code' in response.get_data(as_text=True)
- assert 'Code does not match' in response.get_data(as_text=True)
+ assert {'sms_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
 def test_should_return_400_when_sms_code_is_empty(notifications_admin, notifications_admin_db):
@@ -42,8 +43,7 @@ def test_should_return_400_when_sms_code_is_empty(notifications_admin, notificat
 session['sms_code'] = hashpw('12345')
 response = client.post('/two-factor')
 assert response.status_code == 400
- assert 'sms_code' in response.get_data(as_text=True)
- assert 'Please enter your code' in response.get_data(as_text=True)
+ assert {'sms_code': ['Please enter your code']} == json.loads(response.get_data(as_text=True))
 def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db):
@@ -51,8 +51,10 @@ def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notif
 with client.session_transaction() as session:
 user = create_test_user()
 session['user_id'] = user.id
- session['sms_code'] = hashpw('12345')
+ session['sms_code'] = hashpw('23467')
 response = client.post('/two-factor', data={'sms_code': '2346'})
 assert response.status_code == 400
- assert 'sms_code' in response.get_data(as_text=True)
- assert 'Code must be 5 digits' in response.get_data(as_text=True)
+ data = json.loads(response.get_data(as_text=True))
+ assert len(data.keys()) == 1
+ assert 'sms_code' in data
+ assert data['sms_code'].sort() == ['Code must be 5 digits', 'Code does not match'].sort()
diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py
index 17ebf35bf..3235d1206 100644
--- a/tests/app/main/views/test_verify.py
+++ b/tests/app/main/views/test_verify.py
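Review bot: The new final assertion in the too-short test, `assert data['sms_code'].sort() == ['Code must be 5 digits', 'Code does not match'].sort()`, always passes: `list.sort()` sorts in place and returns `None`, so the comparison is `None == None` regardless of what the response carried, and the messages are never actually checked. Compare sorted copies instead, `assert sorted(data['sms_code']) == sorted(['Code must be 5 digits', 'Code does not match'])`. The same `.sort() == ....sort()` pattern appears in the two test_verify.py hunks further down (the email-code-has-letter and sms-code-too-short tests) and needs the same change there; `len(data.keys()) == 1` in all three can simply be `len(data) == 1`.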
@@ -1,8 +1,8 @@
-from datetime import datetime
+from flask import json
 from app.main.dao import users_dao
 from app.main.encryption import hashpw
-from app.models import User
+from tests.app.main.views import create_test_user
 def test_should_return_verify_template(notifications_admin, notifications_admin_db):
@@ -14,7 +14,7 @@ def test_should_return_verify_template(notifications_admin, notifications_admin_
 def test_should_redirect_to_add_service_when_code_are_correct(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('12345')
 session['email_code'] = hashpw('23456')
@@ -28,7 +28,7 @@ def test_should_redirect_to_add_service_when_code_are_correct(notifications_admi
 def test_should_activate_user_after_verify(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('12345')
 session['email_code'] = hashpw('23456')
@@ -43,7 +43,7 @@ def test_should_activate_user_after_verify(notifications_admin, notifications_ad
 def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('12345')
 session['email_code'] = hashpw('23456')
@@ -51,14 +51,13 @@ def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notificat
 data={'sms_code': '98765', 'email_code': '23456'})
 assert response.status_code == 400
- assert 'sms_code' in response.get_data(as_text=True)
- assert 'Code does not match' in response.get_data(as_text=True)
+ assert {'sms_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
 def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('12345')
 session['email_code'] = hashpw('98456')
@@ -66,58 +65,57 @@ def test_should_return_400_when_email_code_is_wrong(notifications_admin, notific
 data={'sms_code': '12345', 'email_code': '23456'})
 assert response.status_code == 400
- print(response.get_data(as_text=True))
- assert 'email_code' in response.get_data(as_text=True)
- assert 'Code does not match' in response.get_data(as_text=True)
+ assert {'email_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
 def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('12345')
 session['email_code'] = hashpw('98456')
 response = client.post('/verify',
- data={'email_code': '23456'})
+ data={'email_code': '98456'})
 assert response.status_code == 400
- assert 'SMS code can not be empty' in response.get_data(as_text=True)
+ assert {'sms_code': ['SMS code can not be empty']} == json.loads(response.get_data(as_text=True))
 def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('23456')
 session['email_code'] = hashpw('23456')
 response = client.post('/verify',
 data={'sms_code': '23456'})
 assert response.status_code == 400
- assert 'Email code can not be empty' in response.get_data(as_text=True)
+ assert {'email_code': ['Email code can not be empty']} == json.loads(response.get_data(as_text=True))
 def test_should_return_400_when_email_code_has_letter(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('23456')
 session['email_code'] = hashpw('23456')
 response = client.post('/verify',
 data={'sms_code': '23456', 'email_code': 'abcde'})
- data = response.get_data(as_text=True)
 assert response.status_code == 400
+ data = json.loads(response.get_data(as_text=True))
+ expected = {'email_code': ['Code does not match', 'Code must be 5 digits']}
+ assert len(data.keys()) == 1
 assert 'email_code' in data
- assert 'Code does not match' in data
- assert 'Code must be 5 digits' in data
+ assert data['email_code'].sort() == expected['email_code'].sort()
 def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('23456')
 session['email_code'] = hashpw('23456')
@@ -125,16 +123,17 @@ def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notif
 data={'sms_code': '2345', 'email_code': '23456'})
 assert response.status_code == 400
- data = response.get_data(as_text=True)
+ data = json.loads(response.get_data(as_text=True))
+ expected = {'sms_code': ['Code must be 5 digits', 'Code does not match']}
+ assert len(data.keys()) == 1
 assert 'sms_code' in data
- assert 'Code must be 5 digits' in data
- assert 'Code does not match' in data
+ assert data['sms_code'].sort() == expected['sms_code'].sort()
 def test_should_return_302_when_email_code_starts_with_zero(notifications_admin, notifications_admin_db):
 with notifications_admin.test_client() as client:
 with client.session_transaction() as session:
- user = _create_test_user()
+ user = create_test_user()
 session['user_id'] = user.id
 session['sms_code'] = hashpw('23456')
 session['email_code'] = hashpw('09765')
@@ -143,15 +142,3 @@ def test_should_return_302_when_email_code_starts_with_zero(notifications_admin,
 'email_code': '09765'})
 assert response.status_code == 302
 assert response.location == 'http://localhost/add-service'
-
-
-def _create_test_user():
- user = User(name='Test User',
- password='somepassword',
- email_address='test@user.gov.uk',
- mobile_number='+441234123412',
- created_at=datetime.now(),
- role_id=1,
- state='pending')
- users_dao.insert_user(user)
- return user